Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts.
2024/01/29 11:58:12 ignoring optional flag "sandboxArg"="0"
2024/01/29 11:58:13 parsed 1 programs
2024/01/29 11:58:13 executed programs: 0
[ 49.298631][ T1045] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.334591][ T1505] loop0: detected capacity change from 0 to 512
[ 54.346979][ T1505] EXT4-fs (loop0): 1 orphan inode deleted
[ 54.352881][ T1505] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.361933][ T1505] ext4 filesystem being mounted at /root/syzkaller-testdir3645046198/syzkaller.KcVO3Q/0/file1 supports timestamps until 2038 (0x7fffffff)
2024/01/29 11:58:18 executed programs: 1
[ 54.386417][ T1505] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[ 54.400210][ T1051] EXT4-fs (loop0): unmounting filesystem.
[ 54.406679][ T1051] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5868: Corrupt filesystem
[ 54.416765][ T1051] EXT4-fs (loop0): Remounting filesystem read-only
[ 54.423368][ T1051] EXT4-fs error (device loop0): ext4_quota_off:7054: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 54.445601][ T1511] loop0: detected capacity change from 0 to 512
[ 54.465634][ T1511] EXT4-fs (loop0): 1 orphan inode deleted
[ 54.471396][ T1511] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 54.480668][ T1511] ext4 filesystem being mounted at /root/syzkaller-testdir3645046198/syzkaller.KcVO3Q/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 54.505952][ T1510] ==================================================================
[ 54.514140][ T1510] BUG: KASAN: use-after-free in ext4_find_extent+0xb24/0xcd0
[ 54.521866][ T1510] Read of size 4 at addr ffff888125673070 by task syz-executor.0/1510
[ 54.530146][ T1510]
[ 54.532565][ T1510] CPU: 1 PID: 1510 Comm: syz-executor.0 Not tainted 6.1.75-syzkaller #0
[ 54.540885][ T1510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 54.551005][ T1510] Call Trace:
[ 54.554386][ T1510]
[ 54.557309][ T1510] dump_stack_lvl+0xf4/0x251
[ 54.562001][ T1510] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.567450][ T1510] ? panic+0x3f7/0x3f7
[ 54.571754][ T1510] ? _printk+0xca/0x10a
[ 54.575895][ T1510] print_report+0x15f/0x4f0
[ 54.580554][ T1510] ? __getblk_gfp+0x1f/0x810
[ 54.585293][ T1510] ? ext4_find_extent+0xb24/0xcd0
[ 54.590300][ T1510] kasan_report+0x136/0x160
[ 54.594869][ T1510] ? ext4_find_extent+0xb24/0xcd0
[ 54.599967][ T1510] ext4_find_extent+0xb24/0xcd0
[ 54.604879][ T1510] ext4_ext_map_blocks+0x297/0x62f0
[ 54.610057][ T1510] ? mod_objcg_mlstate+0x9a/0x3e0
[ 54.615397][ T1510] ? __lock_acquire+0x607/0xb70
[ 54.620238][ T1510] ? ext4_ext_release+0x10/0x10
[ 54.625231][ T1510] ? __lock_acquire+0x607/0xb70
[ 54.630262][ T1510] ? __down_write_common+0x12a/0x1e0
[ 54.635533][ T1510] ? ext4_es_lookup_extent+0x2ce/0x780
[ 54.640968][ T1510] ext4_map_blocks+0x82a/0x1810
[ 54.645974][ T1510] ? ext4_issue_zeroout+0x140/0x140
[ 54.651142][ T1510] _ext4_get_block+0x1d0/0x540
[ 54.655872][ T1510] ? attach_page_private+0xd8/0x200
[ 54.661125][ T1510] ? ext4_get_block+0x10/0x10
[ 54.665892][ T1510] ? create_page_buffers+0x16c/0x2f0
[ 54.671346][ T1510] __block_write_begin_int+0x32a/0x1150
[ 54.676894][ T1510] ? ext4_es_is_delayed+0x40/0x40
[ 54.681994][ T1510] ? page_zero_new_buffers+0x3f0/0x3f0
[ 54.687421][ T1510] ? ext4_inline_data_truncate+0xb70/0xb70
[ 54.693432][ T1510] block_page_mkwrite+0x218/0x400
[ 54.698516][ T1510] ? ext4_es_is_delayed+0x40/0x40
[ 54.703596][ T1510] ext4_page_mkwrite+0x5d9/0xf20
[ 54.708526][ T1510] ? ext4_es_is_delayed+0x40/0x40
[ 54.713751][ T1510] ? wp_page_shared+0x13e/0x540
[ 54.718579][ T1510] ? do_page_mkwrite+0x149/0x410
[ 54.723496][ T1510] ? ext4_change_inode_journal_flag+0x520/0x520
[ 54.729723][ T1510] do_page_mkwrite+0x149/0x410
[ 54.734479][ T1510] wp_page_shared+0x146/0x540
[ 54.739138][ T1510] handle_mm_fault+0x91a/0x2bf0
[ 54.743957][ T1510] ? numa_migrate_prep+0x1a0/0x1a0
[ 54.749899][ T1510] exc_page_fault+0x22a/0x5e0
[ 54.754655][ T1510] asm_exc_page_fault+0x22/0x30
[ 54.759487][ T1510] RIP: 0033:0x7faa1bb4dcc7
[ 54.763961][ T1510] Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
[ 54.783985][ T1510] RSP: 002b:00007ffec88d5418 EFLAGS: 00010203
[ 54.790207][ T1510] RAX: 0000000020003600 RBX: 00007ffec88d5528 RCX: 0000000020003600
[ 54.798153][ T1510] RDX: 00000000200036a9 RSI: 00007faa1b7107b0 RDI: 0000000020003620
[ 54.806185][ T1510] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007faa1bc8bf8c
[ 54.814134][ T1510] R10: 00007ffec88d5550 R11: 0000000000000246 R12: 00007faa1b7106f0
[ 54.822172][ T1510] R13: fffffffffffffffe R14: 00007faa1b6f0000 R15: 00007faa1b7106f8
[ 54.830224][ T1510]
[ 54.833235][ T1510]
[ 54.835546][ T1510] The buggy address belongs to the physical page:
[ 54.841931][ T1510] page:ffffea0004959cc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x125673
[ 54.852138][ T1510] flags: 0x200000000000000(node=0|zone=2)
[ 54.858195][ T1510] raw: 0200000000000000 ffffea0004959d08 ffffea0004959c88 0000000000000000
[ 54.866833][ T1510] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 54.875581][ T1510] page dumped because: kasan: bad access detected
[ 54.881980][ T1510] page_owner tracks the page as freed
[ 54.887323][ T1510] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1399, tgid 1399 (kworker/u4:3), ts 53172740530, free_ts 53184086447
[ 54.906047][ T1510] post_alloc_hook+0x286/0x2b0
[ 54.910992][ T1510] get_page_from_freelist+0x2ba7/0x2de0
[ 54.916609][ T1510] __alloc_pages+0x251/0x640
[ 54.921184][ T1510] vma_alloc_folio+0x689/0x870
[ 54.926002][ T1510] handle_mm_fault+0x184b/0x2bf0
[ 54.930904][ T1510] __get_user_pages+0x3be/0xe70
[ 54.935724][ T1510] __get_user_pages_remote+0x11d/0x540
[ 54.941151][ T1510] get_arg_page+0x172/0x370
[ 54.945894][ T1510] copy_string_kernel+0xfe/0x160
[ 54.951167][ T1510] kernel_execve+0x46f/0x610
[ 54.956027][ T1510] call_usermodehelper_exec_async+0x1fc/0x310
[ 54.962281][ T1510] ret_from_fork+0x1f/0x30
[ 54.966696][ T1510] page last free stack trace:
[ 54.971431][ T1510] free_unref_page_prepare+0xca9/0xd80
[ 54.977136][ T1510] free_unref_page_list+0xaa/0x690
[ 54.982316][ T1510] release_pages+0x1763/0x1900
[ 54.987163][ T1510] tlb_flush_mmu+0x26f/0x3d0
[ 54.992031][ T1510] tlb_finish_mmu+0xb0/0x1b0
[ 54.996589][ T1510] exit_mmap+0x311/0x700
[ 55.000803][ T1510] __mmput+0x61/0x290
[ 55.004844][ T1510] exit_mm+0x122/0x1b0
[ 55.008880][ T1510] do_exit+0x81e/0x23a0
[ 55.013003][ T1510] do_group_exit+0x1b5/0x280
[ 55.017580][ T1510] __x64_sys_exit_group+0x3b/0x40
[ 55.022662][ T1510] do_syscall_64+0x3d/0x80
[ 55.027065][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.032934][ T1510]
[ 55.035439][ T1510] Memory state around the buggy address:
[ 55.041037][ T1510] ffff888125672f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.049571][ T1510] ffff888125672f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.057691][ T1510] >ffff888125673000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.065837][ T1510] ^
[ 55.073628][ T1510] ffff888125673080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.081980][ T1510] ffff888125673100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.090280][ T1510] ==================================================================
[ 55.098827][ T1510] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.106284][ T1510] Kernel Offset: disabled
[ 55.110672][ T1510] Rebooting in 86400 seconds..